Milestone 57

What's New


  • Request user input as part of playbook automation.
    Sometimes playbook steps require input that can't be fully automated. You can now set up playbook automation to request information using a form and incorporate selected responses in the playbook. See Create forms for user input.
  • FetchAlerts operator returns specified alerts in a playbook.

Case Management

  • Manage your SOC with custom statuses and priorities.
    Cases can now include the same statuses and priorities that you track in your SOC, and workflows allow you to determine the allowable status transitions. See Create settings for cases.


  • Deploy detection content in bulk
    Detections can now be added to LogicHub in bulk, significantly reducing the time required to set up detections in your environment.


  • Find unpublished modules or custom integrations and push them to the content exchange.
    Allow users to find all the unpublished content (modules/custom integrations) and publish the content in bulk.
  • AWS CloudWatch Logs has a new FilterLogEvents action.
  • IBM QRadar has new actions.
  • MongoDB integration now supports all valid Mongo queries.
  • FortiSIEM has a new Execute Event Query action.

Bug Fixes

  • Exporting module does not include a custom list or custom integration dependencies
  • Add node name in batch performance explain plan